MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 92b3d8bab3c0250d9f2cdc910bbff25a81becee93030610a3393c9b9d3ef8a82. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


DonutLoader


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 92b3d8bab3c0250d9f2cdc910bbff25a81becee93030610a3393c9b9d3ef8a82
SHA3-384 hash: 26fcb7a19761e6d05eeb73a4776117846b5d2446e93bade5dd6313c38e3b3c1aca1cd8a42844c25793940735204fb101
SHA1 hash: 7ef0b5ea30e01bf5e2f33d363d8042abfb011afe
MD5 hash: e98154c8265a8845210a80d4793df356
humanhash: blue-twelve-kitten-two
File name:int.pdf.hta
Download: download sample
Signature DonutLoader
Create hunting rule
File size:314 bytes
First seen:2025-08-24 10:51:56 UTC
Last seen:Never
File type:HTML Application (hta) hta
MIME type:text/html
ssdeep 6:q43taYOXHmgEqrhaKB8SFXJRN0J14DFiwMch0MWXfGb:Twt9Eqr8G8+l0J14MwMCL8Gb
TLSH T1A0E07D549850CD8C1C792569ADB7F60CD24350631002DF44374CC5039F311074FC36CD
Magika html
Reporter aachum
Tags:ClickFix donutloader FakeCaptcha hta LummaStealer summitvia-com


Avatar
iamaachum
https://summitvia.com/?campaign=21998510053&utm_content=170436848134 => http://91.206.178.200/int.pdf

Intelligence

File Origin
# of uploads :
1
# of downloads :
310
Origin country :
ES ES
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Heur.BZC.UGZ.Boxter.794.1DD8D7F6.18891.10817.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
90.2%
Link:
https://cyber-fortress.com/docs/result/index.php?id=68aaeef96eed937d746d5cc7
Tags:
overt spawn virus
Result
Verdict:
Malicious
File Type:
HTA File - Malicious
Link:
https://app.docguard.net/92b3d8bab3c0250d9f2cdc910bbff25a81becee93030610a3393c9b9d3ef8a82/results/dashboard
Payload URLs
URL
File name
http://uruvita.com
HTA File
Behaviour
BlacklistAPI detected
Verdict:
Malicious
Labled as:
BZC.UGZ.Boxter.794
Link:
https://www.hybrid-analysis.com/sample/92b3d8bab3c0250d9f2cdc910bbff25a81becee93030610a3393c9b9d3ef8a82
Verdict:
Malicious
File Type:
html
First seen:
2025-08-23T21:54:00Z UTC
Last seen:
2025-08-23T21:54:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/92b3d8bab3c0250d9f2cdc910bbff25a81becee93030610a3393c9b9d3ef8a82/results?tab=lookup
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/1763922
Signature
Downloads files with wrong headers with respect to MIME Content-Type
Joe Sandbox ML detected suspicious sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sigma detected: PowerShell Download and Execution Cradles
Sigma detected: Suspicious MSHTA Child Process
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1763922 Sample: int.pdf.hta Startdate: 24/08/2025 Architecture: WINDOWS Score: 72 18 uruvita.com 2->18 24 Malicious sample detected (through community Yara rule) 2->24 26 Multi AV Scanner detection for submitted file 2->26 28 Downloads files with wrong headers with respect to MIME Content-Type 2->28 30 3 other signatures 2->30 8 mshta.exe 2->8         started        10 svchost.exe 1 1 2->10         started        signatures3 process4 dnsIp5 13 powershell.exe 15 15 8->13         started        20 127.0.0.1 unknown unknown 10->20 process6 dnsIp7 22 uruvita.com 91.206.178.200, 49710, 80 ARTNET2PL Poland 13->22 16 conhost.exe 13->16         started        process8
Score:
0%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/92b3d8bab3c0250d9f2cdc910bbff25a81becee93030610a3393c9b9d3ef8a82
Verdict:
inconclusive
YARA:
2 match(es)
Tags:
Html
Link:
https://app.malva.re/file/e98154c8265a8845210a80d4793df356
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/92b3d8bab3c0250d9f2cdc910bbff25a81becee93030610a3393c9b9d3ef8a82/
Verdict:
Malicious
Threat:
Trojan.Script
Link:
https://tip.neiki.dev/file/92b3d8bab3c0250d9f2cdc910bbff25a81becee93030610a3393c9b9d3ef8a82
Threat name:
Document-HTML.Phishing.Boxter
Create hunting rule
Status:
Malicious
First seen:
2025-08-24 10:52:36 UTC
File Type:
Text (HTML)
Extracted files:
1
AV detection:
6 of 24 (25.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=skz5rovtyasq3hzm3siqxp7slka35txjgaygccrtspe3tu7prkba._file
Result
Malware family:
donutloader
Create hunting rule
Score:
  10/10
Tags:
family:donutloader defense_evasion discovery loader spyware
Link:
https://tria.ge/reports/250824-myn5katrz9/
Behaviour
Enumerates system info in registry
Modifies data under HKEY_USERS
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Browser Information Discovery
System Location Discovery: System Language Discovery
Drops file in Windows directory
Accesses cryptocurrency files/wallets, possible credential harvesting
Badlisted process makes network request
Modifies trusted root certificate store through registry
Detects DonutLoader
DonutLoader
Donutloader family
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/92b3d8bab3c0250d9f2cdc910bbff25a81becee93030610a3393c9b9d3ef8a82

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DonutLoader

HTML Application (hta) hta 92b3d8bab3c0250d9f2cdc910bbff25a81becee93030610a3393c9b9d3ef8a82

(this sample)

  
Link
https://tria.ge/250824-mnnq2ss1hv/behavioral2
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/3610822/

Comments